
fedora
March 9, 2026
Update for Fedora 42 addresses important integer overflows and security issues affecting CEF and Chromium.

Summary

CEF is an embeddable build of Chromium, powered by WebKit (Blink).

Update Information:

Bump to cef-145.0.28+g51162e8 + chromium 145.0.7632.159 (rhbz#2437035)

* CVE-2026-3536: Integer overflow in ANGLE
* CVE-2026-3537: Object lifecycle issue in PowerVR
* CVE-2026-3538: Integer overflow in Skia
* CVE-2026-3539: Object lifecycle issue in DevTools
* CVE-2026-3540: Inappropriate implementation in WebAudio
* CVE-2026-3541: Inappropriate implementation in CSS
* CVE-2026-3542: Inappropriate implementation in WebAssembly
* CVE-2026-3543: Inappropriate implementation in V8
* CVE-2026-3544: Heap buffer overflow in WebCodecs
* CVE-2026-3545: Insufficient data validation in Navigation
* CVE-2026-3061: Out of bounds read in Media
* CVE-2026-3062: Out of bounds read and write in Tint
* CVE-2026-3063: Inappropriate implementation in DevTools
* CVE-2026-2648: Heap buffer overflow in PDFium
* CVE-2026-2649: Integer overflow in V8
* CVE-2026-2650: Heap buffer overflow in Media

Change Log

* Sat Mar 7 2026 Hoshino Lina - 145.0.28^chromium145.0.7632.159-1
- Bump to cef-145.0.28+g51162e8 (rhbz#2437035)

* Sat Mar 7 2026 Than Ngo - 145.0.25^chromium145.0.7632.159-1
- Update to 145.0.7632.159
-   * CVE-2026-3536: Integer overflow in ANGLE
-   * CVE-2026-3537: Object lifecycle issue in PowerVR
-   * CVE-2026-3538: Integer overflow in Skia
-   * CVE-2026-3539: Object lifecycle issue in DevTools
-   * CVE-2026-3540: Inappropriate implementation in WebAudio
-   * CVE-2026-3541: Inappropriate implementation in CSS
-   * CVE-2026-3542: Inappropriate implementation in WebAssembly
-   * CVE-2026-3543: Inappropriate implementation in V8
-   * CVE-2026-3544: Heap buffer overflow in WebCodecs
-   * CVE-2026-3545: Insufficient data validation in Navigation

* Sat Mar 7 2026 Than Ngo - 145.0.25^chromium145.0.7632.116-1
- Update to 145.0.7632.116
-   * CVE-2026-3061: Out of bounds read in Media
-   * CVE-2026-3062: Out of bounds read and write in Tint
-   * CVE-2026-3063: Inappropriate implementation in DevTools

* Sat Mar 7 2026 Than Ngo - 145.0.25^chromium145.0.7632.109-1
- Update to 145.0.7632.109
-   * CVE-2026-2648: Heap buffer overflow in PDFium
-   * CVE-2026-2649: Integer overflow in V8
-   * CVE-2026-2650: Heap buffer overflow in Media

* Sat Mar 7 2026 Hoshino Lina - 145.0.25^chromium145.0.7632.75-5
- Use C++20 for libcef target

References


[1] Bug #2437035 - cef-145.0.28 is available
    https://bugzilla.redhat.com/show_bug.cgi?id=2437035

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-95fffce421' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
important

Name: cef
Product: Fedora 42
Version: 145.0.28^chromium145.0.7632.159
Release: 1.fc42
Summary: Chromium Embedded Framework
